Spyware, Viruses, & Security forum

VULNERABILITIES \ FIXES - July 21, 2008

Filesys::SmbClientParser Shell Command Injection Vulnerability

Secunia Advisory: SA31175
Release Date: 2008-07-21
Critical: Less critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Filesys::SmbClientParser 2.x

Description:
Jesus Olmos Gonzalez has discovered a vulnerability in Filesys::SmbClientParser, which can be exploited by malicious people to compromise an application using the module.

The vulnerability is caused due to the module improperly escaping characters contained within e.g. the names of shared directories. This can be exploited to execute arbitrary commands by tricking the user into processing a specially crafted directory shared by a malicious SMB server.

The vulnerability is confirmed in version 2.7. Other versions may also be affected.

Solution:
Do not connect to untrusted servers with applications using the module.

Provided and/or discovered by:
Jesus Olmos Gonzalez, Internet Security Auditors

Original Advisory:
http://packetstormsecurity.org/0807-exploits/smbclientparser-exec.txt
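The mechanism behind this advisory, as an added illustration that is not the advisory's text or the Perl module's code: a directory name returned by a remote SMB server is interpolated into one shell string, versus passed as its own argument. smbclient's -N and -D options are real; the wrapper functions and the sample name are constructed for the example.

```python
# Added example, not the advisory's or the Perl module's code: the difference
# between interpolating a remote-supplied SMB directory name into a shell
# string (what the advisory describes) and passing it as its own argv element.
# smbclient's -N and -D are real options; the wrapper functions are hypothetical.
import re
import shlex
from typing import List

# Constructed sample: a name a malicious SMB server could return. Harmless
# here, but remote data containing shell metacharacters is the red flag.
HOSTILE_DIR = "public; echo INJECTED"
_SHELL_META = re.compile(r"[;&|`$<>(){}\n]")


def unsafe_command_string(unc: str, directory: str) -> str:
    """The vulnerable pattern: the name becomes part of one string that is
    later parsed by /bin/sh (Perl backticks or system() with a single string)."""
    return f"smbclient {unc} -N -D {directory}"


def safe_argv(unc: str, directory: str) -> List[str]:
    """Hardened form: one argv element per argument. Handed to
    subprocess.run() or Perl's list-form system(), it reaches exec() as-is;
    no shell ever parses it, so ';' is just a character in a name."""
    return ["smbclient", unc, "-N", "-D", directory]


def shell_tokens(command: str) -> List[str]:
    """Split a command string the way a POSIX shell would, to show how many
    words the interpolated name turns into."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


def suspicious_names(names: List[str]) -> List[str]:
    """Defender-side check: names from an untrusted server that contain shell
    metacharacters, to log or refuse before any command is built."""
    return [n for n in names if _SHELL_META.search(n)]


if __name__ == "__main__":
    unc = "//fileserver/share"
    print(shell_tokens(unsafe_command_string(unc, HOSTILE_DIR)))
    print(safe_argv(unc, HOSTILE_DIR))
    print(suspicious_names(["docs", HOSTILE_DIR]))
```

The string form yields eight shell words, two of them a new command; the list form keeps the whole name in a single argv slot.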

Def-Blog "article" SQL Injection Vulnerabilities

Secunia Advisory: SA31174
Release Date: 2008-07-21
Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: Def-Blog 1.x

Description:
CWH Underground has discovered some vulnerabilities in Def-Blog, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "article" parameter in comaddok.php and comlook.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are confirmed in version 1.0.3. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
CWH Underground

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2008-07/0149.html

rPath update for bind

Secunia Advisory: SA31169
Release Date: 2008-07-21
Critical: Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch
OS: rPath Linux 1.x

Description:
rPath has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

Solution:
Update to:
bind=conary.rpath.com@rpl:1/9.3.4_P1-0.5-1
bind-utils=conary.rpath.com@rpl:1/9.3.4_P1-0.5-1

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0230

Other References:
SA30973:
http://secunia.com/advisories/30973/

SUSE Update for Multiple Packages

Secunia Advisory: SA31167
Release Date: 2008-07-21
Critical: Highly critical
Impact: Security Bypass, Manipulation of data, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: openSUSE 10.2, openSUSE 10.3, openSUSE 11.0, SUSE Linux Enterprise Server 10, SUSE Linux Enterprise Server 9
Software: Novell Open Enterprise Server 1.x

Description:
SUSE has issued an update for multiple packages. This fixes some security issues and some vulnerabilities, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

Solution:
Updated packages are available via YaST Online Update or the SUSE FTP server.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html

Other References:
SA30657:
http://secunia.com/advisories/30657/

SA30963:
http://secunia.com/advisories/30963/

SA30986:
http://secunia.com/advisories/30986/

SA31108:
http://secunia.com/advisories/31108/

SWAT 4 Denial of Service Vulnerabilities

Secunia Advisory: SA31158
Release Date: 2008-07-21
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Unpatched
Software: SWAT 4 1.x

Description:
Luigi Auriemma has reported some vulnerabilities in SWAT 4, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) A NULL pointer dereference error can be exploited to cause a crash via a specially crafted "VERIFYCONTENT" or "GAMECONFIG" command sent before joining a server.

2) An error in the processing of the "RS" string in a "GAMESPYRESPONSE" command can be exploited to cause a runtime error via an overly long (greater than 71 bytes) "RS" string.

The vulnerabilities are reported in version 1.1. Other versions may also be affected.

Solution:
Use in trusted network environments only.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/swat4x-adv.txt

phpScheduleIt "useLogonName" Security Bypass

Secunia Advisory: SA31147
Release Date: 2008-07-21
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: phpScheduleIt 1.x

Description:
A vulnerability has been reported in phpScheduleIt, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction in an unspecified script. This can be exploited to gain access to the administration section.

Successful exploitation requires knowledge of the administrator e-mail address and that "useLogonName" is enabled.

The vulnerability is reported in versions 1.2.0 to 1.2.9.

Solution:
Update to version 1.2.10.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=614202

Bea Weblogic Apache Connector Buffer Overflow Vulnerability

Secunia Advisory: SA31146
Release Date: 2008-07-21
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched
Software: BEA WebLogic Server 5.x, 6.x, 7.x, 8.x, 9.x, 10.x

Description:
KingCope has reported a vulnerability in Bea Weblogic, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the Apache connector and can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted POST request.

Successful exploitation may allow execution of arbitrary code.

Solution:
Restrict network access to the vulnerable system.

Provided and/or discovered by:
KingCope

Original Advisory:
http://milw0rm.com/exploits/6089

MoinMoin Advanced Search Cross-Site Scripting Vulnerability

Secunia Advisory: SA31135
Release Date: 2008-07-21
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: MoinMoin 1.x

Description:
A vulnerability has been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via multiple parameters to macro/AdvancedSearch.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions 1.6.3 and 1.7. Prior versions may also be affected.

Solution:
Update to version 1.7.1.

Provided and/or discovered by:
The vendor credits Emanuele Gentili, Ubuntu.

Original Advisory:
http://moinmo.in/SecurityFixes#moin1.7.0

Zoph Multiple SQL Injection Vulnerabilities

Secunia Advisory: SA31125
Release Date: 2008-07-21
Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Vendor Patch
Software: Zoph 0.x

Description:
Some vulnerabilities have been reported in Zoph, which can be exploited by malicious people to conduct SQL injection attacks.

Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in versions prior to 0.7.0.5.

Solution:
Update to version 0.7.0.5.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.zoph.org/#news

openSUSE libxcrypt MD5 Password Hash Configuration Weakness

Secunia Advisory: SA31096
Release Date: 2008-07-21
Critical: Not critical
Impact: Security Bypass
Where: Local system
Solution Status: Vendor Patch
OS: openSUSE 11.0

Description:
SUSE has acknowledged a weakness in libxcrypt, which results in potentially weaker security and may allow further attacks.

The weakness is caused due to libxcrypt using the DES algorithm to generate password hashes, although the MD5 algorithm is configured in /etc/default/passwd.

Solution:
Apply updated packages and regenerate all passwords.

Provided and/or discovered by:
Thomas Schulte

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00008.html

https://bugzilla.novell.com/show_bug.cgi?id=408719
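A check an administrator could run to confirm the weakness on a host, added here as an example and not part of the advisory: classify each shadow hash by its crypt(3) prefix and compare it with the algorithm requested in /etc/default/passwd. The file contents are constructed samples and the CRYPT= key name is an assumption.

```python
# Added example, not part of the advisory: audit which algorithm the password
# hashes in a shadow file actually use and compare it with the CRYPT= setting
# in /etc/default/passwd (key name assumed). The advisory's failure mode is
# "MD5 configured, DES produced", which this check surfaces per account.
import re
from typing import List, Optional, Tuple

# Constructed samples standing in for /etc/default/passwd and /etc/shadow.
SAMPLE_DEFAULT_PASSWD = "# other settings ignored\nCRYPT=md5\n"
# 'legacy' carries a 13-character traditional DES hash despite CRYPT=md5; 'svc' is locked.
SAMPLE_SHADOW = (
    "root:$1$Zm9vYmFy$vxkVIvG5Bm8V9Ml8X3yVr.:14081:0:99999:7:::\n"
    "legacy:abJnggxhB/yWI:14081:0:99999:7:::\n"
    "svc:!:14081:0:99999:7:::\n"
)

# crypt(3) scheme prefixes; traditional DES has none, just 13 chars of [A-Za-z0-9./].
_PREFIXES = {"$1$": "md5", "$2a$": "blowfish", "$2y$": "blowfish",
             "$5$": "sha256", "$6$": "sha512"}
_DES_RE = re.compile(r"^[A-Za-z0-9./]{13}$")


def classify_hash(field: str) -> Optional[str]:
    """Name the algorithm behind a shadow password field; None for locked,
    empty or unrecognised fields, which have nothing to audit."""
    for prefix, name in _PREFIXES.items():
        if field.startswith(prefix):
            return name
    return "des" if _DES_RE.match(field) else None


def configured_algorithm(default_passwd: str) -> str:
    """Read CRYPT=<algo>; fall back to DES, crypt(3)'s historical default
    (assumption about the unconfigured case)."""
    for line in default_passwd.splitlines():
        m = re.match(r"^\s*CRYPT\s*=\s*(\w+)", line)
        if m:
            return m.group(1).lower()
    return "des"


def find_mismatches(shadow: str, default_passwd: str) -> List[Tuple[str, str]]:
    """(user, actual algorithm) for every hash that is not the configured
    one; these are the passwords the advisory says to regenerate."""
    want = configured_algorithm(default_passwd)
    mismatches = []
    for line in shadow.splitlines():
        user, field = line.split(":")[:2]
        got = classify_hash(field)
        if got is not None and got != want:
            mismatches.append((user, got))
    return mismatches
```

On the sample data the check reports only the "legacy" account, whose hash is DES although MD5 is configured.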

Jobbex JobSite Cross-Site Scripting and SQL Injection Vulnerabilities

Secunia Advisory: SA31089
Release Date: 2008-07-21
Critical: Moderately critical
Impact: Cross Site Scripting, Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: Jobbex JobSite

Description:
Russ McRee has reported some vulnerabilities in Jobbex JobSite, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the "opt" parameter in search_result.cfm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed to the "jobcountryid" and "jobstateid" parameters in search_result.cfm is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Note: The script may also disclose certain sensitive information (e.g. the full path) when displaying error messages.

Solution:
Filter malicious characters or character sequences using a proxy.

Provided and/or discovered by:
Russ McRee

SUSE update for kernel

Secunia Advisory: SA30982
Release Date: 2008-07-21
Critical: Moderately critical
Impact: Security Bypass, Privilege escalation, DoS, System access
Where: From local network
Solution Status: Vendor Patch
OS: SUSE Linux Enterprise Server 10

Description:
SUSE has issued an update for kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, and gain escalated privileges, and by malicious people to cause a DoS and potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html

Other References:
SA25955:
http://secunia.com/advisories/25955/

SA30101:
http://secunia.com/advisories/30101/

SA30580:
http://secunia.com/advisories/30580/

SA31048:
http://secunia.com/advisories/31048/

Security vulnerability in O2 UK's MMS system

The O2 UK web application for viewing MMS messages apparently failed to use secure authentication. Mobile phones without MMS support, which includes iPhone users, display a URL so the messages could be viewed via a web application. Unfortunately this was unsecured, so these images could be indexed by search engines. Once indexed these private communications could be revealed by a simple Google search and viewed by anyone. Some customers have expressed shock at the mobile network operator's negligent attitude. A young mother, for example, discovered a photo of her two-year-old daughter which she had sent by MMS.

More: http://www.heise-online.co.uk/security/Security-vulnerability-in-O2-UK-s-MMS-system--/news/111133

Google Mail has more spam

Roaring Penguin Software says its research shows that the proportion of email coming from Google Mail accounts that is spam has almost quadrupled, from 7 to 27 per cent. This means that more than one email message in four coming from a Google Mail account was classified as spam, which makes up more than 2 per cent of all spam email originating from America.

The origin of spam email is becoming ever more significant, because spam filters are increasingly basing their analyses of email messages on where they come from, and Google is still considered to be a good address. At any rate, no postmaster can afford to put the Google Mail server on his black list and refuse email from there as a matter of principle.

More: http://www.heise-online.co.uk/security/Google-Mail-has-more-spam--/news/111139
